82 */ |
82 */ |
83 |
83 |
84 package jdk.internal.dynalink.beans; |
84 package jdk.internal.dynalink.beans; |
85 |
85 |
86 import java.lang.reflect.Modifier; |
86 import java.lang.reflect.Modifier; |
|
87 import java.security.AccessControlContext; |
|
88 import java.security.AccessController; |
|
89 import java.security.Permissions; |
|
90 import java.security.PrivilegedAction; |
|
91 import java.security.ProtectionDomain; |
87 |
92 |
88 /** |
93 /** |
89 * A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc. See |
94 * A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc. |
90 * {@link CheckRestrictedPackageInternal} for implementation details. |
|
91 */ |
95 */ |
92 class CheckRestrictedPackage { |
96 class CheckRestrictedPackage { |
|
97 private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext(); |
|
98 |
93 /** |
99 /** |
94 * Returns true if the class is either not public, or it resides in a package with restricted access. |
100 * Returns true if the class is either not public, or it resides in a package with restricted access. |
95 * @param clazz the class to test |
101 * @param clazz the class to test |
96 * @return true if the class is either not public, or it resides in a package with restricted access. |
102 * @return true if the class is either not public, or it resides in a package with restricted access. |
97 */ |
103 */ |
98 static boolean isRestrictedClass(Class<?> clazz) { |
104 static boolean isRestrictedClass(Class<?> clazz) { |
99 return !Modifier.isPublic(clazz.getModifiers()) || |
105 if(!Modifier.isPublic(clazz.getModifiers())) { |
100 (System.getSecurityManager() != null && isRestrictedPackage(clazz.getPackage())); |
106 // Non-public classes are always restricted |
|
107 return true; |
|
108 } |
|
109 final SecurityManager sm = System.getSecurityManager(); |
|
110 if(sm == null) { |
|
111 // No further restrictions if we don't have a security manager |
|
112 return false; |
|
113 } |
|
114 final String name = clazz.getName(); |
|
115 final int i = name.lastIndexOf('.'); |
|
116 if (i == -1) { |
|
117 // Classes in default package are never restricted |
|
118 return false; |
|
119 } |
|
120 // Do a package access check from within an access control context with no permissions |
|
121 try { |
|
122 AccessController.doPrivileged(new PrivilegedAction<Void>() { |
|
123 @Override |
|
124 public Void run() { |
|
125 sm.checkPackageAccess(name.substring(0, i)); |
|
126 return null; |
|
127 } |
|
128 }, NO_PERMISSIONS_CONTEXT); |
|
129 } catch(SecurityException e) { |
|
130 return true; |
|
131 } |
|
132 return false; |
101 } |
133 } |
102 |
134 |
103 private static boolean isRestrictedPackage(Package pkg) { |
135 private static AccessControlContext createNoPermissionsContext() { |
104 // Note: we broke out the actual implementation into CheckRestrictedPackageInternal, so we only load it when |
136 return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) }); |
105 // needed - that is, if we need to check a non-public class with a non-null package, in presence of a security |
|
106 // manager. |
|
107 return pkg == null ? false : CheckRestrictedPackageInternal.isRestrictedPackageName(pkg.getName()); |
|
108 } |
137 } |
109 } |
138 } |